undefined | Better HN

0 pointschlorion3y ago0 comments

>Serious bugs doesn't care in which language the error happens

This just isn't true.

Buffer overflows are not possible with bounds checking.

Using a language that provides containers with bounds checked access methods would have prevented this. This isn't a point of debate or something, it's a fact.

C is virtually the only language that doesn't provide a safe way to access elements.

C++ provides bounds checking with std::array, std::vector and std::string using the "at()" methods. All Rust containers are checked by default. Pretty much every other language also is checked by default as well. All of these language's could have prevented this error and the other buffer overflow errors which there are tons of.

0 comments

eklitzke3y ago

Sure but you wouldn't be reading a password into a std::array or std::vector in C++, you'd be reading into a std::string or possibly something like a std::stringstream. And both of those containers will handle sizing and reallocation for you.

If your point is that C++ lets you do unsafe things then yes, of course it does. But so does Rust.

chlorionOP3y ago

I think you may be misinterpreting my comment a bit, I did not mean that C++ was bad here, but rather a large improvement.

My point was that in C++ (and others) you can completely prevent this entire class of errors by using the standard containers. std::string, just like std::vector and std::array provide the checked access methods which will prevent buffer overflows when used.

Almost every language other than C lets you access elements of a container safely, and oftentimes even the default methods for access are safe! In C++ there are compiler flags that make operator[] safe by default for all of the std containers too.

j / k navigate · click thread line to collapse